verify redirects are safe before redirecting

2026-02-27 07:16:40 +00:00 · 2025-01-09 23:21:57 -05:00
parent a556339b76
commit 6c813186b8
18 changed files with 99 additions and 45 deletions
--- a/src/app/auth/resource/[resourceId]/ResourceAuthPortal.tsx
+++ b/src/app/auth/resource/[resourceId]/ResourceAuthPortal.tsx
@@ -481,11 +481,7 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
                                        className={`${numMethods <= 1 ? "mt-0" : ""}`}
                                    >
                                        <LoginForm
-                                            redirect={
-                                                typeof window !== "undefined"
-                                                    ? window.location.href
-                                                    : ""
-                                            }
+                                            redirect={`/auth/resource/${props.resource.id}`}
                                            onLogin={async () =>
                                                await handleSSOAuth()
                                            }
--- a/src/app/auth/resource/[resourceId]/page.tsx
+++ b/src/app/auth/resource/[resourceId]/page.tsx
@@ -55,7 +55,17 @@ export default async function ResourceAuthPage(props: {
        );
    }

-    const redirectUrl = searchParams.redirect || authInfo.url;
+    let redirectUrl = authInfo.url;
+    // if (searchParams.redirect) {
+    //     try {
+    //         const serverResourceHost = new URL(authInfo.url).host;
+    //         const redirectHost = new URL(searchParams.redirect).host;
+    //
+    //         if (serverResourceHost === redirectHost) {
+    //             redirectUrl = searchParams.redirect;
+    //         }
+    //     } catch (e) {}
+    // }

    const hasAuth =
        authInfo.password ||